IBM & Security Gov. Point Of Views

1 IBM & Security Gov. Point Of Views Santiago

2 Point of View: Info Security situation

3 How Government can Protect Itself from Cyber Attacks
According to a GovLoop survey, 90% of respondents don't think their agency is fully prepared for a cyber attack and named the ever-changing nature of threats, as well as inadequate training, as their biggest obstacles. For all levels of government, cyber attacks on networks are growing in frequency and becoming more sophisticated and aggressive. The threat of sophisticated attacks, security breaches, phishing, and social media fraud is very real for everyone, especially government. But that's where the Continuous Diagnostics and Monitoring (CDM) program comes in.

4 Innovative technology changes everything: 1 trillion connected objects; 1 billion mobile workers; social business; bring your own IT; cloud and virtualization

5 Motivations and sophistication are rapidly evolving National Security Espionage, Activism Monetary Gain Revenge, Curiosity Insiders and Script-kiddies Code Red Organized crime Zeus Nation-state actors Stuxnet Competitors and Hacktivists Aurora

6 Security challenges are a complex, four-dimensional puzzle People Employees Consultants Hackers Terrorists Outsourcers Customers Suppliers Data Structured Unstructured At rest In motion Applications Systems Applications Web Applications Web 2.0 Mobile Applications Infrastructure Datacenters PCs Laptops Mobile Cloud Non-traditional that requires a new approach

7 Government clients are among the most frequently attacked industries 1 1 US federal government agencies have lost more than 94 million records of citizens since In 2012, US federal government agencies reported 22,156 data breaches, which was an increase of 111 percent from incidents reported in IBM X-Force Threat Intelligence Quarterly 1Q Data Breaches in the Government Sector, Rapid7, Ericka Chickowski, 10 Top Government Data Breaches Of 2012, Security Dark Reading, 29 Nov. 2012

8 IBM can shed light on who is attacking enterprise networks and why Observations: 1. 73% of breaches are a result of either misconfigured systems or end-user error. 2. Almost half of the attacks are from outsiders who are often opportunistic % of attacks are either espionage, financial crime, or terrorism related. 4. Sustained probes and malicious code are the primary ways companies get attacked. Source: IBM X-Force, IBM CyberSecurity Index IBM & Client

9 Security challenges that make clients vulnerable to attack
- Lack of visibility to events across the infrastructure to identify threats and fraudulent activity to critical systems
- Inability to effectively manage and monitor user access to resources
- Vulnerabilities in code for online applications / web services
- Inability to monitor access to sensitive / confidential data
- Endpoints built on vulnerable OSs
- Malware proliferation into the enterprise from infected endpoints

10 Do you have a good security program today?
Ask yourself:
- Are you ready to respond to a security incident and quickly remediate?
- Do you have the visibility and analytics needed to monitor threats?
- Do you know where your corporate crown jewels are and are they adequately protected?
- Can you manage your endpoints from servers to mobile devices and control network access?
- Do you build security in and continuously test all critical web/mobile applications?
- Can you automatically manage and limit the identities and access of your employees, partners and vendors to your enterprise?
- Do you have a risk-aware culture and management system that can ensure compliance?
Maturity-based approach: Automated, Manual, Reactive, Proactive
Optimizing your security is essential in today's environment

12 IBM Security Systems - IBM Security Framework

13 The security maturity model

14 IBM Security Strategic imperative #1 Use analytics and insights for smarter defense Use intelligence and anomaly detection across every domain Build an intelligence vault around your crown jewels Prepare your response for the inevitable

15 Strategic imperative #2 Employ innovation to improve security Own the security agenda for innovation Embed security on day one Employ innovation to improve security

16 Strategic Imperative #3 Get help to develop an integrated approach Develop a risk-aware security strategy Deploy a systematic approach Harness the knowledge of professionals

17 Point of View: What we believe

18 State and Local Government: The IBM Point of View

The landscape
The current global financial crisis had a profound effect on government agencies at all levels, forcing government agencies to do more with less. Many agencies have chosen to take transformational approaches, such as using advanced analytics, adopting shared services or moving to self-service models to address specific pain points within their districts. Analytics can make data consumable, insightful and predictive. And analytics can help identify opportunities for efficiency through shared service or self-service approaches, enabling government agencies to realize increased operational efficiency and improved customer service levels through consolidation of similar services. But as agencies transform how they do business through the use of online interaction and other innovative technologies, consumer privacy and data protection have become a major area of focus.

Security challenges
Cyber attacks - Government executives have an emerging awareness of security threats to the cyber systems that support government operations that can expose sensitive government information or the privacy of citizen information.
Vulnerable customer-facing application - Developing secure customer-facing applications and services is critical to preventing breaches and access to back-end data where sensitive citizen information is stored.
Unauthorized user access - Establishing an information access governance strategy and solution within the organization where information could impact agency reputation and liability.
Regulatory compliance - Ongoing regulations and audits cause challenges with vulnerability assessments across the infrastructure.

19 State and Local Government: The IBM Point of View
Value statements
- Reduce security costs for risk monitoring, analysis, and compliance reporting by integrating silos, automating controls, and optimizing the security investment.
- Reduce operational costs while optimizing security investments by analyzing and prioritizing risks, and remediating issues cost-effectively and in order of severity.
- Reduce risk for new business opportunities or services by providing a secure cloud-based delivery platform.
- Minimize losses by identifying and protecting the crown jewels and other critical data assets.
- Gain the benefits of avoiding reputational risk or litigation by safeguarding citizen data.
- Reduce application development costs associated with identifying and correcting defects early on in the software development cycle.

20 State and Local Government The IBM Point of View Reference cases in the region clients worldwide (Government Agencies; Municipal, Provincial or National Governments) Public Global AGESIC (Presidency of the Nation, Uruguay) Federated identity management to unify the identity of the public employee and the citizen.

22 IBM Security: Delivering intelligence, integration and expertise across a comprehensive framework Intelligence Integration Expertise

23 At IBM, the world is our security lab

24 IBM X-Force Research and Development
Expert analysis and data sharing on the global threat landscape
Malware Analysis; Zero-day Research; IP Reputation; URL / Web Filtering; Web Application Control; Vulnerability Protection; Anti-Spam
The IBM X-Force Mission
- Monitor and evaluate the rapidly changing threat landscape
- Research new attack techniques and develop protection for tomorrow's security challenges
- Educate our customers and the general public
- Integrate and distribute Threat Protection and Intelligence to make IBM solutions smarter

25 Intelligence: A comprehensive portfolio of products and services Security Intelligence and Analytics QRadar Log Manager QRadar SIEM QRadar Risk Manager QRadar Vulnerability Manager QRadar Incident Forensics Advanced Fraud Protection Trusteer Rapport Trusteer Pinpoint Malware Detection Trusteer Pinpoint ATO Detection Trusteer Mobile Risk Engine People Data Applications Network Infrastructure Endpoint Identity Manager Guardium Database Activity Monitoring AppScan Source Network Intrusion Prevention (GX) Trusteer Apex Access Manager Family Privileged Identity Manager Federated Identity Management Guardium Encryption Expert Guardium / Optim Data Masking AppScan Enterprise / Standard DataPower Web Security Gateway Next Generation Network Protection (XGS) SiteProtector Threat Management FiberLink MaaS360 Endpoint Manager Host Protection Directory Integrator / Directory Server Key Lifecycle Manager Security Policy Manager QRadar Network Anomaly Detection zSecure IBM X-Force Research

26 IBM Security latest industry rankings

27 IBM Security Framework and IBM Security Blueprint sg html?open

28 IBM Security Systems - IBM Security Framework

29 The IBM Security Blueprint

30 IBM Security Framework

32 X-Force Threat Intelligence: The IBM Differentiator
X-Force Threat Intelligence Cloud
- X-Force database - extensive catalog of vulnerabilities
- Web filter database - malicious or infected websites
- IP Reputation - botnets, anonymous proxies, bad actors
- Application Identification - web application information
- Vulnerability Research - latest vulnerabilities and protections
- Security Services - manage IPS for Customers

34 IBM Identity and Access Management Vision
Key Themes
Standardized IAM and Compliance Management - Expand IAM vertically to provide identity and access intelligence to the business; integrate horizontally to enforce user access to data, app, and infrastructure
Secure Cloud, Mobile, Social Interaction - Enhance context-based access control for cloud, mobile and SaaS access, as well as integration with proofing, validation and authentication solutions
Insider Threat and IAM Governance - Continue to develop Privileged Identity Management (PIM) capabilities and enhanced Identity and Role management

36 Data Security Vision
QRadar Integration Across Multiple Deployment Models
Key Themes
Reduced Total Cost of Ownership - Expanded support for databases and unstructured data, automation, handling and analysis of large volumes of audit records, and new preventive capabilities
Enhanced Compliance Management - Enhanced Database Vulnerability Assessment (VA) and Database Protection Subscription Service (DPS) with improved update frequency, labels for specific regulations, and product integrations
Dynamic Data Protection - Data masking capabilities for databases (row level, role level) and for applications (pattern based, form based) to safeguard sensitive and confidential data

38 Application Security Vision
Key Themes
Coverage for Mobile applications and new threats - Continue to identify and reduce risk by expanding scanning capabilities to new platforms such as mobile, as well as introducing next generation dynamic analysis scanning and glass box testing
Simplified interface and accelerated ROI - New capabilities to improve customer time to value and consumability with out-of-the-box scanning, static analysis templates and ease of use features
Security Intelligence Integration - Automatically adjust threat levels based on knowledge of application vulnerabilities by integrating and analyzing scan results with SiteProtector and the QRadar Security Intelligence Platform

40 Infrastructure Protection Endpoint Vision
Key Themes
Security for Mobile Devices - Provide security for and manage traditional endpoints alongside mobile devices such as Apple iOS, Google Android, Symbian, and Microsoft Windows Phone, using a single platform
Expansion of Security Content - Continued expansion of security configuration and vulnerability content to increase coverage for applications, operating systems, and industry best practices
Security Intelligence Integration - Improved usage of analytics, providing valuable insights to meet compliance and IT security objectives, as well as further integration with SiteProtector and the QRadar Security Intelligence Platform

41 Infrastructure Protection Advanced Threat
Security Intelligence Platform: Log Manager, SIEM, Network Activity Monitor, Risk Manager, Future
Threat Intelligence and Research: Vulnerability Data, Malicious Websites, Malware Information, IP Reputation, Future
Advanced Threat Protection: Intrusion Prevention, Content and Data Security, Web Application Protection, Network Anomaly Detection, Application Control, Future
IBM Network Security
Key Themes
Advanced Threat Protection Platform - Helps to prevent sophisticated threats and detect abnormal network behavior by using an extensible set of network security capabilities, in conjunction with real-time threat information and Security Intelligence
Expanded X-Force Threat Intelligence - Increased coverage of world-wide threat intelligence harvested by X-Force and the consumption of this data to make smarter and more accurate security decisions
Security Intelligence Integration - Tight integration between the Advanced Threat Protection Platform and QRadar Security Intelligence platform to provide unique and meaningful ways to detect, investigate and remediate threats

43 Security Intelligence: Integrating across IT silos Security Devices Servers & Hosts Network & Virtual Activity Database Activity Application Activity Configuration Info Vulnerability Info Event Correlation Activity Baselining & Anomaly Detection Offense Identification User Activity Extensive Data Sources Deep + Intelligence = High Priority Offenses Exceptionally Accurate and Actionable Insight JK

44 All domains feed Security Intelligence
Correlate new threats based on X-Force IP reputation feeds
Hundreds of 3rd-party information sources
Guardium - Database assets, rule logic and database activity information
Identity and Access Management - Identity context for all security domains w/ QRadar as the dashboard
Tivoli Endpoint Manager - Endpoint Management vulnerabilities enrich QRadar's vulnerability database
IBM Security Network Intrusion Prevention System - Flow data into QRadar turns NIPS devices into activity sensors
AppScan Enterprise - AppScan vulnerability results feed QRadar SIEM for improved asset risk assessment

45 The security maturity model

47 Learn more about IBM Security IBM Security Intelligence. Integration. Expertise. Visit our website IBM Security Website Watch our videos IBM Security YouTube Channel Read new blog posts SecurityIntelligence.com Follow us on
